libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

KEYCLOAK-6748 undertow saml adapter tests

Browse source
This commit is contained in:
vramik 2018-09-12 10:15:13 +02:00 committed by Pavel Drozd
parent bce2aee144
commit 560d76b7ee
18 changed files with 294 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
adapters/saml/undertow/src/main/resources/META-INF/services/io.undertow.servlet.ServletExtension Normal file
View file

@ -0,0 +1,18 @@
#
# Copyright 2018 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
org.keycloak.adapters.saml.undertow.SamlServletExtension

2
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -1086,7 +1086,7 @@ public class RepresentationToModel {
* @return
*/
public static ClientModel createClient(KeycloakSession session, RealmModel realm, ClientRepresentation resourceRep, boolean addDefaultRoles) {
logger.debug("Create client: {0}" + resourceRep.getClientId());
logger.debugv("Create client: {0}", resourceRep.getClientId());
ClientModel client = resourceRep.getId() != null ? realm.addClient(resourceRep.getId(), resourceRep.getClientId()) : realm.addClient(resourceRep.getClientId());
if (resourceRep.getName() != null) client.setName(resourceRep.getName());

4
testsuite/integration-arquillian/servers/app-server/undertow/pom.xml
View file

@ -32,6 +32,10 @@
<groupId>org.keycloak</groupId>
<artifactId>keycloak-undertow-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-undertow-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-spi</artifactId>

42
testsuite/integration-arquillian/servers/app-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/UndertowAppServer.java
View file

@ -27,12 +27,18 @@ import io.undertow.servlet.api.ServletInfo;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.nio.charset.Charset;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import javax.servlet.ServletException;
import javax.ws.rs.Path;
import javax.ws.rs.core.Application;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.arquillian.undertow.UndertowContainerConfiguration;
import org.jboss.arquillian.container.spi.client.container.DeployableContainer;
import org.jboss.arquillian.container.spi.client.container.DeploymentException;
@ -43,11 +49,14 @@ import org.jboss.arquillian.container.spi.client.protocol.metadata.ProtocolMetaD
import org.jboss.arquillian.container.spi.client.protocol.metadata.Servlet;
import org.jboss.logging.Logger;
import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
import org.jboss.resteasy.spi.ResteasyDeployment;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.ClassAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.descriptor.api.Descriptor;
import org.jboss.shrinkwrap.undertow.api.UndertowWebArchive;
import org.keycloak.common.util.reflections.Reflections;
import org.keycloak.testsuite.arquillian.undertow.saml.util.RestSamlApplicationConfig;
import org.keycloak.testsuite.utils.undertow.UndertowDeployerHelper;
import org.keycloak.testsuite.utils.undertow.UndertowWarClassLoader;
@ -115,7 +124,13 @@ public class UndertowAppServer implements DeployableContainer<UndertowAppServerC
if (archive instanceof UndertowWebArchive) {
di = ((UndertowWebArchive) archive).getDeploymentInfo();
} else if (archive instanceof WebArchive) {
di = new UndertowDeployerHelper().getDeploymentInfo(configuration, (WebArchive)archive);
WebArchive webArchive = (WebArchive)archive;
if (isJaxrsApp(webArchive)) {
di = new UndertowDeployerHelper().getDeploymentInfo(configuration, webArchive,
undertow.undertowDeployment(getCustomResteasyDeployment(webArchive)));
} else {
di = new UndertowDeployerHelper().getDeploymentInfo(configuration, webArchive);
}
} else {
throw new IllegalArgumentException("UndertowContainer only supports UndertowWebArchive or WebArchive.");
}
@ -191,4 +206,29 @@ public class UndertowAppServer implements DeployableContainer<UndertowAppServerC
}
return httpContext;
}
private boolean isJaxrsApp(WebArchive archive) throws DeploymentException {
try {
return IOUtils.toString(archive.get("/WEB-INF/web.xml").getAsset().openStream(), Charset.forName("UTF-8"))
.contains(Application.class.getName());
} catch (IOException e) {
throw new DeploymentException("Unable to read archive.", e);
}
}
private ResteasyDeployment getCustomResteasyDeployment(WebArchive webArchive) {
//take all classes from war and add those with @Path annotation to RestSamlApplicationConfig
Set<Class<?>> classes = webArchive.getContent(archivePath ->
archivePath.get().startsWith("/WEB-INF/classes/") &&
archivePath.get().endsWith(".class")
).values().stream()
.filter(node -> node.getAsset() instanceof ClassAsset)
.map(node -> ((ClassAsset)node.getAsset()).getSource())
.filter(clazz -> clazz.isAnnotationPresent(Path.class))
.collect(Collectors.toSet());
ResteasyDeployment deployment = new ResteasyDeployment();
deployment.setApplication(new RestSamlApplicationConfig(classes));
return deployment;
}
}

11
testsuite/integration-arquillian/servers/app-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/container/UndertowDeploymentArchiveProcessor.java
View file

@ -39,6 +39,10 @@ public class UndertowDeploymentArchiveProcessor implements ApplicationArchivePro
modifyWebXML(archive, testClass);
modifyOIDCAdapterConfig(archive, DeploymentArchiveProcessorUtils.ADAPTER_CONFIG_PATH);
modifySAMLAdapterConfig(archive, DeploymentArchiveProcessorUtils.SAML_ADAPTER_CONFIG_PATH);
modifySAMLAdapterConfig(archive, DeploymentArchiveProcessorUtils.SAML_ADAPTER_CONFIG_PATH_TENANT1);
modifySAMLAdapterConfig(archive, DeploymentArchiveProcessorUtils.SAML_ADAPTER_CONFIG_PATH_TENANT2);
}
private void modifyWebXML(Archive<?> archive, TestClass testClass) {
@ -56,4 +60,11 @@ public class UndertowDeploymentArchiveProcessor implements ApplicationArchivePro
DeploymentArchiveProcessorUtils.modifyOIDCAdapterConfig(archive, adapterConfigPath);
}
private void modifySAMLAdapterConfig(Archive<?> archive, String adapterConfigPath) {
if (!archive.contains(adapterConfigPath)) return;
log.debug("Modifying adapter config " + adapterConfigPath + " in " + archive.getName());
DeploymentArchiveProcessorUtils.modifySAMLAdapterConfig(archive, adapterConfigPath);
}
}

47
testsuite/integration-arquillian/servers/app-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/saml/util/RestSamlApplicationConfig.java Normal file
View file

@ -0,0 +1,47 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.undertow.saml.util;
import java.util.Set;
import javax.ws.rs.core.Application;
/**
* Wildfly JAX-RS Integration has support for scanning deployment for annotations.
*
* https://github.com/wildfly/wildfly/blob/14.0.1.Final/jaxrs/src/main/java/org/jboss/as/jaxrs/deployment/JaxrsAnnotationProcessor.java
*
* On undertow we have to set Application Class manually:
*
* ResteasyDeployment deployment = new ResteasyDeployment();
* deployment.setApplication(application);
*
* @author vramik
*/
public class RestSamlApplicationConfig extends Application {
private final Set<Class<?>> classes;
public RestSamlApplicationConfig(Set<Class<?>> classes) {
this.classes = classes;
}
@Override
public Set<Class<?>> getClasses() {
return classes;
}
}

4
testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlMultiTenantResolver.java
View file

@ -38,7 +38,7 @@ public class SamlMultiTenantResolver implements SamlConfigResolver {
throw new IllegalStateException("Not able to resolve realm from the request path!");
}
InputStream is = getClass().getResourceAsStream("/" + realm + "-keycloak-saml.xml");
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("/" + realm + "-keycloak-saml.xml");
if (is == null) {
throw new IllegalStateException("Not able to find the file /" + realm + "-keycloak-saml.xml");
}
@ -46,7 +46,7 @@ public class SamlMultiTenantResolver implements SamlConfigResolver {
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String path) {
return getClass().getResourceAsStream(path);
return Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
}
};

2
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/MultiTenant1Saml.java
View file

@ -45,7 +45,7 @@ public class MultiTenant1Saml extends SAMLServlet {
@Override
public void logout() {
driver.navigate().to(getUriBuilder().queryParam("GLO", "true").queryParam("realm", "tenant1").build().toASCIIString());
driver.navigate().to(getUriBuilder().clone().queryParam("GLO", "true").queryParam("realm", "tenant1").build().toASCIIString());
getUriBuilder().replaceQueryParam("GLO");
pause(300);
}

2
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/MultiTenant2Saml.java
View file

@ -45,7 +45,7 @@ public class MultiTenant2Saml extends SAMLServlet {
@Override
public void logout() {
driver.navigate().to(getUriBuilder().queryParam("GLO", "true").queryParam("realm", "tenant2").build().toASCIIString());
driver.navigate().to(getUriBuilder().clone().queryParam("GLO", "true").queryParam("realm", "tenant2").build().toASCIIString());
getUriBuilder().replaceQueryParam("GLO");
pause(300);
}

15
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServlet.java
View file

@ -17,9 +17,12 @@
package org.keycloak.testsuite.adapter.page;
import javax.ws.rs.core.UriBuilder;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import org.keycloak.testsuite.util.WaitUtils;
import static org.keycloak.testsuite.util.WaitUtils.pause;
import org.openqa.selenium.By;
/**
* @author mhajas
@ -27,8 +30,7 @@ import static org.keycloak.testsuite.util.WaitUtils.pause;
public abstract class SAMLServlet extends AbstractPageWithInjectedUrl {
public void logout() {
driver.navigate().to(getUriBuilder().queryParam("GLO", "true").build().toASCIIString());
getUriBuilder().replaceQueryParam("GLO");
driver.navigate().to(getUriBuilder().clone().queryParam("GLO", "true").build().toASCIIString());
pause(300);
}
@ -41,7 +43,14 @@ public abstract class SAMLServlet extends AbstractPageWithInjectedUrl {
}
public void checkRolesEndPoint(boolean value) {
driver.navigate().to(getUriBuilder().build().toASCIIString() + "/" + (value ? "" : "un") + "checkRoles");
driver.navigate().to(getUriBuilder().clone().path((value ? "" : "un") + "checkRoles").build().toASCIIString());
pause(300);
}
public void setRolesToCheck(String roles) {
UriBuilder uriBuilder = getUriBuilder().clone();
String toASCIIString = uriBuilder.path("setCheckRoles").queryParam("roles", roles).build().toASCIIString();
driver.navigate().to(toASCIIString);
WaitUtils.waitUntilElement(By.tagName("body")).text().contains("These roles will be checked:");
}
}

12
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AdapterTestExecutionDecider.java
View file

@ -53,7 +53,11 @@ public class AdapterTestExecutionDecider implements TestExecutionDecider {
if (testContext.isAdapterContainerEnabled() || testContext.isAdapterContainerEnabledCluster()) {
if (method.isAnnotationPresent(AppServerContainer.class)) { // taking method level annotation first as it has higher priority
if (getCorrespondingAnnotation(method).skip()) {
if (getCorrespondingAnnotation(method) == null) { //no corresponding annotation - taking class level annotation
if (getCorrespondingAnnotation(testContext.getTestClass()).skip()) {
return execute(method, Boolean.FALSE, "Skipped by @AppServerContainer class level annotation.");
}
} else if (getCorrespondingAnnotation(method).skip()) { //corresponding annotation
return execute(method, Boolean.FALSE, "Skipped by @AppServerContainer method level annotation.");
}
} else { //taking class level annotation
@ -88,7 +92,7 @@ public class AdapterTestExecutionDecider implements TestExecutionDecider {
return appServerContainers.stream()
.filter(annotation -> annotation.value().equals(testContextInstance.get().getAppServerContainerName()))
.findFirst()
.orElseThrow(() -> new IllegalStateException("Not found the @AppServerContainer annotation with current app server."));
.orElse(null);
}
private AppServerContainer getCorrespondingAnnotation(Class testClass) {
@ -107,7 +111,7 @@ public class AdapterTestExecutionDecider implements TestExecutionDecider {
return appServerContainers.stream()
.filter(annotation -> annotation.value().equals(testContextInstance.get().getAppServerContainerName()))
.findFirst()
.orElseThrow(() -> new IllegalStateException("Not found the @AppServerContainer annotation with current app server."));
.orElse(null);
}
private ExecutionDecision execute(Method method, Boolean execute, String message) {
@ -116,7 +120,7 @@ public class AdapterTestExecutionDecider implements TestExecutionDecider {
return ExecutionDecision.execute();
} else {
cache.put(method, new CachedRecord(Boolean.FALSE, message));
log.debug(message);
log.debug(method.getName() + " " + message);
return ExecutionDecision.dontExecute(message);
}
}

15
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java
View file

@ -11,6 +11,7 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
/**
* @author mhajas
*/
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY)
@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY_DEPRECATED)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
@ -94,4 +95,18 @@ public class SAMLFilterServletAdapterTest extends SAMLServletAdapterTest {
public void testErrorHandlingSigned() {
}
@Test
@Override
@Ignore
public void multiTenant1SamlTest() throws Exception {
}
@Test
@Override
@Ignore
public void multiTenant2SamlTest() throws Exception {
}
}

73
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java
View file

@ -166,6 +166,7 @@ import org.xml.sax.SAXException;
/**
* @author mhajas
*/
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY)
@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY_DEPRECATED)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
@ -265,10 +266,10 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
protected EcpSP ecpSPPage;
@Page
protected MultiTenant1Saml mutiTenant1SamlPage;
protected MultiTenant1Saml multiTenant1SamlPage;
@Page
protected MultiTenant2Saml mutiTenant2SamlPage;
protected MultiTenant2Saml multiTenant2SamlPage;
@Page
protected SAMLPostLoginTenant1 tenant1RealmSAMLPostLoginPage;
@ -595,38 +596,50 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
@Test
public void multiTenant1SamlTest() throws Exception {
UserRepresentation user1 = createUserRepresentation("user-tenant1", "user-tenant1@redhat.com", "Bill", "Burke", true);
setPasswordFor(user1, "user-tenant1");
// check the user in the tenant logs in ok
assertSuccessfulLogin(mutiTenant1SamlPage, user1, tenant1RealmSAMLPostLoginPage, "principal=user-tenant1");
// check the issuer is the correct tenant
driver.navigate().to(mutiTenant1SamlPage.getUriBuilder().path("getAssertionIssuer").build().toASCIIString());
waitUntilElement(By.xpath("//body")).text().contains("/auth/realms/tenant1");
// check logout
mutiTenant1SamlPage.logout();
checkLoggedOut(mutiTenant1SamlPage, tenant1RealmSAMLPostLoginPage);
// check a user in the other tenant doesn't login
UserRepresentation user2 = createUserRepresentation("user-tenant2", "user-tenant2@redhat.com", "Bill", "Burke", true);
setPasswordFor(user2, "user-tenant2");
assertFailedLogin(mutiTenant1SamlPage, user2, tenant1RealmSAMLPostLoginPage);
multiTenant1SamlPage.setRolesToCheck("user");
try {
UserRepresentation user1 = createUserRepresentation("user-tenant1", "user-tenant1@redhat.com", "Bill", "Burke", true);
setPasswordFor(user1, "user-tenant1");
// check the user in the tenant logs in ok
assertSuccessfulLogin(multiTenant1SamlPage, user1, tenant1RealmSAMLPostLoginPage, "principal=user-tenant1");
// check the issuer is the correct tenant
driver.navigate().to(multiTenant1SamlPage.getUriBuilder().clone().path("getAssertionIssuer").build().toASCIIString());
waitUntilElement(By.xpath("//body")).text().contains("/auth/realms/tenant1");
// check logout
multiTenant1SamlPage.logout();
checkLoggedOut(multiTenant1SamlPage, tenant1RealmSAMLPostLoginPage);
// check a user in the other tenant doesn't login
UserRepresentation user2 = createUserRepresentation("user-tenant2", "user-tenant2@redhat.com", "Bill", "Burke", true);
setPasswordFor(user2, "user-tenant2");
assertFailedLogin(multiTenant1SamlPage, user2, tenant1RealmSAMLPostLoginPage);
} finally {
multiTenant1SamlPage.checkRolesEndPoint(false);
}
}
@Test
public void multiTenant2SamlTest() throws Exception {
UserRepresentation user2 = createUserRepresentation("user-tenant2", "user-tenant2@redhat.com", "Bill", "Burke", true);
setPasswordFor(user2, "user-tenant2");
// check the user in the tenant logs in ok
assertSuccessfulLogin(mutiTenant2SamlPage, user2, tenant2RealmSAMLPostLoginPage, "principal=user-tenant2");
// check the issuer is the correct tenant
driver.navigate().to(mutiTenant2SamlPage.getUriBuilder().path("getAssertionIssuer").build().toASCIIString());
waitUntilElement(By.xpath("//body")).text().contains("/auth/realms/tenant2");
// check logout
mutiTenant2SamlPage.logout();
checkLoggedOut(mutiTenant2SamlPage, tenant2RealmSAMLPostLoginPage);
// check a user in the other tenant doesn't login
UserRepresentation user1 = createUserRepresentation("user-tenant1", "user-tenant1@redhat.com", "Bill", "Burke", true);
setPasswordFor(user1, "user-tenant1");
assertFailedLogin(mutiTenant2SamlPage, user1, tenant2RealmSAMLPostLoginPage);
multiTenant2SamlPage.setRolesToCheck("user");
try {
UserRepresentation user2 = createUserRepresentation("user-tenant2", "user-tenant2@redhat.com", "Bill", "Burke", true);
setPasswordFor(user2, "user-tenant2");
// check the user in the tenant logs in ok
assertSuccessfulLogin(multiTenant2SamlPage, user2, tenant2RealmSAMLPostLoginPage, "principal=user-tenant2");
// check the issuer is the correct tenant
driver.navigate().to(multiTenant2SamlPage.getUriBuilder().clone().path("getAssertionIssuer").build().toASCIIString());
waitUntilElement(By.xpath("//body")).text().contains("/auth/realms/tenant2");
// check logout
multiTenant2SamlPage.logout();
checkLoggedOut(multiTenant2SamlPage, tenant2RealmSAMLPostLoginPage);
// check a user in the other tenant doesn't login
UserRepresentation user1 = createUserRepresentation("user-tenant1", "user-tenant1@redhat.com", "Bill", "Burke", true);
setPasswordFor(user1, "user-tenant1");
assertFailedLogin(multiTenant2SamlPage, user1, tenant2RealmSAMLPostLoginPage);
} finally {
multiTenant2SamlPage.checkRolesEndPoint(false);
}
}
private static final KeyPair NEW_KEY_PAIR = KeyUtils.generateRsaKeyPair(1024);

19
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/NonIDERunListener.java
View file

@ -40,12 +40,27 @@ public class NonIDERunListener extends RunListener {
}
private void disableKeycloakLogging() {
String loggingLevel = System.getProperty(KEYCLOAK_LOGGING_LEVEL_NAME);
if (loggingLevel == null || loggingLevel.isEmpty()) {
String loggingLevel = System.getProperty(KEYCLOAK_LOGGING_LEVEL_NAME, "").toLowerCase();
if (loggingLevel.isEmpty()) {
log.infof("Setting %s to off. Keycloak server logging will be disabled", KEYCLOAK_LOGGING_LEVEL_NAME);
System.setProperty(KEYCLOAK_LOGGING_LEVEL_NAME, "off");
org.apache.log4j.Logger.getLogger("org.keycloak").setLevel(Level.OFF);
} else {
switch (loggingLevel) {
case "debug":
org.apache.log4j.Logger.getLogger("org.keycloak").setLevel(Level.DEBUG);
break;
case "trace":
org.apache.log4j.Logger.getLogger("org.keycloak").setLevel(Level.TRACE);
break;
case "all":
org.apache.log4j.Logger.getLogger("org.keycloak").setLevel(Level.ALL);
break;
default:
org.apache.log4j.Logger.getLogger("org.keycloak").setLevel(Level.INFO);
break;
}
}
}

12
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/multi-tenant-saml/WEB-INF/web.xml
View file

@ -45,6 +45,18 @@
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecured-setCheckRoles</web-resource-name>
<url-pattern>/setCheckRoles/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecured-uncheckRoles</web-resource-name>
<url-pattern>/uncheckRoles/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK-SAML</auth-method>

12
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml
View file

@ -45,6 +45,18 @@
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecured-setCheckRoles</web-resource-name>
<url-pattern>/setCheckRoles/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecured-uncheckRoles</web-resource-name>
<url-pattern>/uncheckRoles/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK-SAML</auth-method>

68
testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/undertow/SimpleWebXmlParser.java
View file

@ -55,33 +55,35 @@ class SimpleWebXmlParser {
try {
DocumentWrapper document = new DocumentWrapper(webXml);
// SERVLETS
if (di.getServlets().get("ResteasyServlet") == null) {
Map<String, String> servletMappings = new HashMap<>();
List<ElementWrapper> sm = document.getElementsByTagName("servlet-mapping");
for (ElementWrapper mapping : sm) {
String servletName = mapping.getElementByTagName("servlet-name").getText();
String path = mapping.getElementByTagName("url-pattern").getText();
servletMappings.put(servletName, path);
}
// SERVLETS
Map<String, String> servletMappings = new HashMap<>();
List<ElementWrapper> sm = document.getElementsByTagName("servlet-mapping");
for (ElementWrapper mapping : sm) {
String servletName = mapping.getElementByTagName("servlet-name").getText();
String path = mapping.getElementByTagName("url-pattern").getText();
servletMappings.put(servletName, path);
}
List<ElementWrapper> servlets = document.getElementsByTagName("servlet");
for (ElementWrapper servlet : servlets) {
String servletName = servlet.getElementByTagName("servlet-name").getText();
ElementWrapper servletClassEw = servlet.getElementByTagName("servlet-class");
String servletClass = servletClassEw == null ? servletName : servletClassEw.getText();
ElementWrapper loadOnStartupEw = servlet.getElementByTagName("load-on-startup");
Integer loadOnStartup = loadOnStartupEw == null ? null : Integer.valueOf(loadOnStartupEw.getText());
List<ElementWrapper> servlets = document.getElementsByTagName("servlet");
for (ElementWrapper servlet : servlets) {
String servletName = servlet.getElementByTagName("servlet-name").getText();
ElementWrapper servletClassEw = servlet.getElementByTagName("servlet-class");
String servletClass = servletClassEw == null ? servletName : servletClassEw.getText();
ElementWrapper loadOnStartupEw = servlet.getElementByTagName("load-on-startup");
Integer loadOnStartup = loadOnStartupEw == null ? null : Integer.valueOf(loadOnStartupEw.getText());
Class<? extends Servlet> servletClazz = (Class<? extends Servlet>) Class.forName(servletClass);
ServletInfo undertowServlet = new ServletInfo(servletName, servletClazz);
Class<? extends Servlet> servletClazz = (Class<? extends Servlet>) Class.forName(servletClass);
ServletInfo undertowServlet = new ServletInfo(servletName, servletClazz);
if (servletMappings.containsKey(servletName)) {
undertowServlet.addMapping(servletMappings.get(servletName));
undertowServlet.setLoadOnStartup(loadOnStartup);
di.addServlet(undertowServlet);
} else {
log.warnf("Missing servlet-mapping for '%s'", servletName);
if (servletMappings.containsKey(servletName)) {
undertowServlet.addMapping(servletMappings.get(servletName));
undertowServlet.setLoadOnStartup(loadOnStartup);
di.addServlet(undertowServlet);
} else {
log.warnf("Missing servlet-mapping for '%s'", servletName);
}
}
}
@ -180,21 +182,29 @@ class SimpleWebXmlParser {
ElementWrapper sessionCfg = document.getElementByTagName("session-config");
if (sessionCfg != null) {
ElementWrapper cookieConfig = sessionCfg.getElementByTagName("cookie-config");
String httpOnly = cookieConfig.getElementByTagName("http-only").getText();
String cookieName = cookieConfig.getElementByTagName("name").getText();
ServletSessionConfig cfg = new ServletSessionConfig();
cfg.setHttpOnly(Boolean.parseBoolean(httpOnly));
if (cookieConfig.getElementByTagName("http-only") != null) {
cfg.setHttpOnly(Boolean.parseBoolean(cookieConfig.getElementByTagName("http-only").getText()));
}
cfg.setName(cookieName);
di.setServletSessionConfig(cfg);
}
// ERROR PAGES
List<ElementWrapper> errorPages = document.getElementsByTagName("error-page");
for (ElementWrapper errorPage : errorPages) {
int errorCode = Integer.parseInt(errorPage.getElementByTagName("error-code").getText());
String location = errorPage.getElementByTagName("location").getText();
di.addErrorPage(new ErrorPage(location, errorCode));
for (ElementWrapper errorPageWrapper : errorPages) {
String location = errorPageWrapper.getElementByTagName("location").getText();
ErrorPage errorPage;
if (errorPageWrapper.getElementByTagName("error-code") != null) {
errorPage = new ErrorPage(location, Integer.parseInt(errorPageWrapper.getElementByTagName("error-code").getText()));
} else {
errorPage = new ErrorPage(location);
}
di.addErrorPage(errorPage);
}
} catch (ClassNotFoundException cnfe) {

12
testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/undertow/UndertowDeployerHelper.java
View file

@ -25,8 +25,6 @@ import io.undertow.server.handlers.resource.ResourceManager;
import io.undertow.server.handlers.resource.URLResource;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.ServletInfo;
import org.apache.jasper.deploy.JspPropertyGroup;
import org.apache.jasper.deploy.TagLibraryInfo;
import org.arquillian.undertow.UndertowContainerConfiguration;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
@ -58,6 +56,10 @@ public class UndertowDeployerHelper {
private static final Logger log = Logger.getLogger(UndertowDeployerHelper.class);
public DeploymentInfo getDeploymentInfo(UndertowContainerConfiguration config, WebArchive archive) {
return getDeploymentInfo(config, archive, null);
}
public DeploymentInfo getDeploymentInfo(UndertowContainerConfiguration config, WebArchive archive, DeploymentInfo di) {
String archiveName = archive.getName();
String appName = archive.getName().substring(0, archive.getName().lastIndexOf('.'));
@ -69,7 +71,9 @@ public class UndertowDeployerHelper {
String appContextUrl = "http://" + config.getBindAddress() + ":" + config.getBindHttpPort() + contextPath;
try {
DeploymentInfo di = new DeploymentInfo();
if (di == null) {
di = new DeploymentInfo();
}
UndertowWarClassLoader classLoader = new UndertowWarClassLoader(UndertowDeployerHelper.class.getClassLoader(), archive);
di.setClassLoader(classLoader);
@ -89,7 +93,7 @@ public class UndertowDeployerHelper {
di.addWelcomePages("index.html", "index.jsp");
JspServletBuilder.setupDeployment(di, new HashMap<String, JspPropertyGroup>(), new HashMap<String, TagLibraryInfo>(), new HackInstanceManager());
JspServletBuilder.setupDeployment(di, new HashMap<>(), new HashMap<>(), new HackInstanceManager());
addAnnotatedServlets(di, archive);